CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

1698 matches found

RedhatCVE•added 2025/05/23 7:54 a.m.•5 views

CVE-2024-3478

The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks...

6.1CVSS6.8AI score0.00075EPSS

Exploits2References1

RedhatCVE•added 2025/05/23 7:51 a.m.•5 views

CVE-2024-11327

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.4.1...

6.1CVSS6.4AI score0.02577EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:51 a.m.•3 views

CVE-2024-11453

The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gspinwidget' shortcode in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping...

6.4CVSS5.8AI score0.00233EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:38 a.m.•3 views

CVE-2024-4483

The Email Encoder WordPress plugin before 2.2.2 does not escape the WPEmailEncoderBundleoptionsprotectiontext parameter before outputting it back in an attribute in an admin page, leading to a Stored Cross-Site Scripting...

5.4CVSS6.4AI score0.00287EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 7:38 a.m.•3 views

CVE-2024-4261

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

5.4CVSS7.2AI score0.00594EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 6:39 a.m.•3 views

CVE-2024-11094

The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract data such as redirects including GET parameters which may reveal sensitive...

5.3CVSS6.6AI score0.00396EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 6:26 a.m.•6 views

CVE-2024-51670

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JoomSky JS Help Desk js-support-ticket allows Stored XSS.This issue affects JS Help Desk: from n/a through = 2.8.7...

5.9CVSS5.9AI score0.00158EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 6:14 a.m.•3 views

CVE-2024-9374

The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6.4AI score0.02581EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 6:2 a.m.•4 views

CVE-2023-28419

Cross-Site Request Forgery CSRF vulnerability in Stranger Studios Force First and Last Name as Display Name plugin = 1.2 versions...

8.8CVSS6.8AI score0.00052EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:41 a.m.•4 views

CVE-2023-0729

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavesortorder function. This makes it possible for unauthenticated attackers to invoke this function via...

5.4CVSS6.5AI score0.00147EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:39 a.m.•2 views

CVE-2023-26538

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Kamyabsoft Chat Bee plugin = 1.1.0 versions...

5.9CVSS5.2AI score0.0008EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:28 a.m.•4 views

CVE-2023-25027

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Kiboko Labs Chained Quiz plugin = 1.3.2.5 versions...

5.9CVSS5.2AI score0.00207EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:27 a.m.•14 views

CVE-2023-25033

Cross-Site Request Forgery CSRF vulnerability in Sumo Social Share Boost plugin = 4.5 versions...

8.8CVSS7.1AI score0.00055EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:17 a.m.•3 views

CVE-2023-30477

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Essitco AFFILIATE Solution plugin = 1.0 versions...

5.9CVSS5.2AI score0.00079EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:15 a.m.•5 views

CVE-2023-47237

Cross-Site Request Forgery CSRF vulnerability in Martin Gibson Auto Publish for Google My Business plugin = 3.7 versions...

8.8CVSS8AI score0.00051EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:15 a.m.•3 views

CVE-2023-47240

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap plugin = 1.1.11 versions...

6.5CVSS5.6AI score0.0009EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:15 a.m.•4 views

CVE-2023-29171

Unauth. Reflected Cross-site Scripting XSS vulnerability in Magic Post Thumbnail plugin = 4.1.10 versions...

7.1CVSS6AI score0.00199EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:14 a.m.•8 views

CVE-2023-29437

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Steven A. Zahm Connections Business Directory plugin = 10.4.36 versions...

6.5CVSS5.6AI score0.00107EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:14 a.m.•3 views

CVE-2023-41236

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Happy addons Happy Elementor Addons Pro plugin = 2.8.0 versions...

7.1CVSS5.9AI score0.00193EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:13 a.m.•15 views

CVE-2023-41801

Cross-Site Request Forgery CSRF vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin = 4.3 versions...

8.8CVSS7AI score0.00051EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by